Re: git: 8bce8d28abe6 - main - jail: Avoid multipurpose return value of function prison_ip_restrict()

In reply to: Gleb Smirnoff : "Re: git: 8bce8d28abe6 - main - jail: Avoid multipurpose return value of function prison_ip_restrict()"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Zhenlei Huang <zlei_at_FreeBSD.org>
Date: Fri, 03 Feb 2023 10:11:25 UTC

Hi Gleb,

> On Jan 14, 2023, at 3:39 AM, Gleb Smirnoff <glebius@freebsd.org> wrote:
> 
>  Zhenlei,
> 
> a couple concise assignments missed:
> 
> Z> @@ -1876,15 +1871,15 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
> Z>  				continue;
> Z>  			}
> Z>  #endif
> Z> -			if (prison_ip_restrict(tpr, PR_INET, NULL)) {
> Z> -				redo_ip4 = 1;
> Z> +			if (!prison_ip_restrict(tpr, PR_INET, NULL)) {
> Z> +				redo_ip4 = true;
> Z>  				descend = 0;
> Z>  			}
> Z>  		}
> Z>  	}
> 
> 	redo_ip4 = !prison_ip_restrict(tpr, PR_INET, NULL);

I think that is wrong, as `prison_ip_restrict` is called in loop round.
`redo_ip4` might flip to false on next round.

So the previous logic is right.

> +    redo_ip4 = !prison_ip_restrict(tpr, PR_INET, &ip4);

Should be `redo_ip4 |= !prison_ip_restrict(tpr, PR_INET, &ip4);`



> 
> Z> @@ -1896,8 +1891,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
> Z>  				continue;
> Z>  			}
> Z>  #endif
> Z> -			if (prison_ip_restrict(tpr, PR_INET6, NULL)) {
> Z> -				redo_ip6 = 1;
> Z> +			if (!prison_ip_restrict(tpr, PR_INET6, NULL)) {
> Z> +				redo_ip6 = true;
> Z>  				descend = 0;
> Z>  			}
> Z>  		}
> 
> 	redo_ip6 = !prison_ip_restrict(tpr, PR_INET6, NULL);
> 
> -- 
> Gleb Smirnoff


PS, the logic redo_ip4 / redo_ip6 under low memory pressure can be optimized and I'll do that later.

Best regards,
Zhenlei